C#: Preventing access to a specific area in .NET MVC
The admin section of an MVC3 website was created as an area. I then put the following code in Web.config:
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Admin/Login/Login" timeout="5000" defaultUrl="~/Admin/Login/Redirect" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
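However, it throws an error:
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error: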
Line 44: <location path="Admin">
Line 45: <system.web>
Line 46: <authentication mode="Forms">
Line 47: <forms loginUrl="~/Admin/Login/Login" timeout="5000" defaultUrl="~/Admin/Login/Redirect" />
Line 48: </authentication>
You cannot override the method and redirect to the desired login page
For example:
using System.Web.Mvc;
using System.Web.Routing;

public class AdminAuthorizeAttribute : AuthorizeAttribute
{
    // Called when the authorization check fails: send the user to the Admin login action
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var routeValues = new RouteValueDictionary(new
        {
            controller = "login",
            action = "login",
            area = "admin"
        });
        filterContext.Result = new RedirectToRouteResult(routeValues);
    }
}
As for your web.config, the node must be configured directly under the section, not inside a section.
I have tried to explain
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Routing;

public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        WebApiConfig.Register(GlobalConfiguration.Configuration);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        RouteCollection existingcoll = new RouteCollection();
        foreach (Route _route in RouteTable.Routes)
            existingcoll.Add((RouteBase)_route);
        // keep all default registered routes in the ASP.NET Application object
        Application["ExistingRoutecolling"] = existingcoll;
    }
}

// after login, when the user calls the first action to render the dashboard, you can add the logic there
public ActionResult ModuleDashboard()
{
    // get the default registered routes from the ASP.NET Application object, stored there in Application_Start()
    MvcApplication app = (MvcApplication)HttpContext.ApplicationInstance;
    RouteCollection existingcoll = (RouteCollection)app.Application["ExistingRoutecolling"];
    // remove all registered routes; by default those are registered by the application object
    while (RouteTable.Routes.Count > 0)
        RouteTable.Routes.RemoveAt(0);
    // walk each stored route and add it to the actual application route collection
    foreach (Route _route in existingcoll)
    {
        // allow only those routes which belong to the area you want the logged-in user to access
        if (_route.Url == "Admin/{controller}/{action}/{id}")
            RouteTable.Routes.Add((RouteBase)_route);
    }
    // re-register routes again
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    // now redirect with expected action
    return RedirectToAction("controller", "action", new { area = "Admin" });
}
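If an application contains multiple areas, all of them are registered when the application runs, so a logged-in user can access every area.
But if you want to allow access only to a specific area, then you need to override the default area registration process.
In this process, we remove all the routes that belong to every area:
while (RouteTable.Routes.Count > 0)
    RouteTable.Routes.RemoveAt(0);
After that, we allow only the areas that we want the logged-in user to access; for this we used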
MvcApplication app = (MvcApplication)HttpContext.ApplicationInstance;
RouteCollection existingcoll = (RouteCollection)app.Application["ExistingRoutecolling"];
foreach (Route _route in existingcoll)
{
    // allow only those routes which belong to the area you want the logged-in user to access
    if (_route.Url == "Admin/{controller}/{action}/{id}")
        RouteTable.Routes.Add((RouteBase)_route);
}
// re-register routes again
RouteConfig.RegisterRoutes(RouteTable.Routes);
// now redirect with expected action
return RedirectToAction("controller", "action", new { area = "Admin" });
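I only need to password-protect the area in the admin directory. How should I proceed? Please guide.
You could write a custom authorize attribute. Depending on where you want to store user data, you could also enable.
Please explain your code and why it is a solution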
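An added example, not taken from the question or either answer: one way to apply the custom authorize attribute suggested above to the whole Admin area, by registering it as a global filter that checks every request. The class name AdminAreaAuthorizeAttribute is hypothetical; the area, controller and action names are taken from the question's loginUrl, and forms authentication is assumed to be configured at application level.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Routing;

// Added example (hypothetical class name). Requires an authenticated user for
// every action in the "Admin" area except the login action itself. Access is
// decided per request; RouteTable.Routes, which is one collection shared by
// all users of the application, is left untouched.
public class AdminAreaAuthorizeAttribute : AuthorizeAttribute
{
    private static bool Is(string value, string expected)
    {
        return string.Equals(value, expected, StringComparison.OrdinalIgnoreCase);
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        RouteData route = filterContext.RouteData;

        // Area routes carry the area name in DataTokens["area"];
        // the indexer returns null for routes registered outside any area.
        if (!Is(route.DataTokens["area"] as string, "Admin"))
            return; // not an Admin request: leave it to other filters

        // The login action must stay reachable anonymously, otherwise the
        // redirect in HandleUnauthorizedRequest would loop.
        if (Is(route.GetRequiredString("controller"), "Login") &&
            Is(route.GetRequiredString("action"), "Login"))
            return;

        // Standard AuthorizeAttribute check (authenticated user, Users/Roles).
        base.OnAuthorization(filterContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
        {
            area = "Admin", controller = "Login", action = "Login"
        }));
    }
}

// Registration, e.g. from Application_Start:
//   GlobalFilters.Filters.Add(new AdminAreaAuthorizeAttribute());
```

The check keys on the route that matched, so an Admin controller that is also reachable through a non-area route would not be covered by it. Putting the attribute on a common base controller for the area closes that gap.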